Approved on 28 december, 2019,Director General of Beget LLC,A.E.
Kliukov ,Personal Data Processing Policy of Beget LLC,Saint Petersburg, 2020,1.
General provisions,1.1.
This Policy on processing and protection of personal data of Beget LLC’s subscribers (hereinafter referred to as ,the Policy) defines the procedure for processing and protection warranties for personal data of Beget LLC’s ,(hereinafter referred to as the Operator) subscribers.,1.2.
This Policy has been developed in accordance with the Constitution of the Russian Federation, Convention for ,the Protection of Individuals with regard to Automatic Processing of Personal Data ETS No.
108 as of 28.01.1981.
,Regulation (EU) 2016/679 (General Data Protection Regulation).
Civil Code of the Russian Federation.
Federal ,Law of the Russian Federation No.
152-FZ as of 27.07.2006 ‘On personal data’.
Federal Law of the Russian ,Federation No.
149-FZ as of 27.07.2006 ‘On information, information technologies and information protection’.
,Federal Law of the Russian Federation No.
126-FZ as of 07.07.2003 ‘On communications’ and other regulatory ,legal acts of the Russian Federation.,1.3.
This Policy and all amendments and additions hereto shall be approved and put into effect by order of the ,General Director of the Operator.,1.4.
This Policy is a public document and is published on the Operator’s official website on the Internet.,2.
Terms used in this Policy and their definitions,2.1.
Subscriber is a subject of personal data, a user of services, who has concluded a contract for provision of such ,services with the Operator (hereinafter referred to as the Contract), as well as other persons who have addressed to ,the Operator with any requests.,2.2.
Personal data operator(the Operator) is Beget LLC that organizes and (or) carries out the processing of ,personal data independently or jointly with other persons, as well as determines the purposes of personal data ,processing, the composition of personal data to be processed and actions (operations) to be performed with personal ,data;,2.3.
Subscriber’s personal data means any information relating to a defined or identifiable (directly or indirectly) ,Subscriber and necessary for the Operator in order to fulfill the Contract and correspond to the requirements of the ,legislation.,2.4.
Personal data processing means any action (operation) or a set of actions with personal data performed ,manually or automatically including collection, recording, systematization, accumulation, storage, clarification ,(update, change), extraction, operation, transfer (distribution, provision, access) depersonalization, blocking, ,deletion and destruction of personal data;,2.5.
Distribution of personal data means actions aimed at disclosure of personal data to an indefinite circle of ,persons.,2.6.
Provision of personal data means actions aimed at disclosure of personal data to a definite individual/legal ,entity or a definite group of individuals/legal entities.,2.7.
Blocking of personal data means temporary termination of personal data processing (except if processing is ,necessary to clarify such personal data).,2.8.
Personal data operation means actions with the Subscriber’s personal data performed by an Operator’s officer ,for the purpose of making decisions or performing other actions leading to legal consequences for such Subscriber ,or otherwise affect their rights and freedoms or the rights and freedoms of other individuals/legal entities;,2.9.
Destruction of personal data means actions, in the result of which it becomes impossible to restore the content,of personal data in the information system of Subscribers personal data or in the result of which the hardware storing,such personal data have been destroyed.,2.10.
Depersonalization of personal data means actions, in the result of which it becomes impossible to correlate ,the identity of personal data with a particular person with no additional information.,2.11.
Public personal data is personal data, to which their owner (Subscriber) has granted access to an unlimited ,number of individuals/legal entities.,2.12.
Confidentiality of personal data means the requirement of inadmissibility to provide and / or distribute ,personal data without the Subscriber’s consent compulsory for compliance by an individual/legal entity who has ,gained an access to such personal data, or with no other legal grounds.,2.13.
Cross-border transfer of personal data means transfer of personal data to the territory of a foreign state to ,the authority of a foreign state, a foreign individual or a foreign legal entity.,3.
Purposes of personal data collection and processing,3.1.
The Operator shall define the purposes of personal data processing before processing:,3.1.1.
Provision of services, including communication services;,3.1.2.
Fulfillment of contractual obligations;,3.1.3.
Settlements with Subscribers;,3.1.4.
Processing of complaints, statements of Subscribers;,3.1.5.
Compliance with the requirements of tax legislation, legislation of the Russian Federation on compulsory ,social insurance and compulsory pension insurance;,3.1.6.
Execution of commercial activities stipulated by the Operator’s Charter;,3.1.7.
Promotion of services at the market by making direct contacts with potential customers through the means of ,communication.,3.2.
The following shall be a legal basis for personal data processing:,Federal Law No.
152-FZ as of 27.07.2006 ‘On personal data’;,Regulation (EU) 2016/679 (General Data Protection Regulation);,Civil Code of the Russian Federation;,Tax Code of the Russian Federation;,Federal Law No.
167-FZ as of 15.12.2001 ‘On compulsory pension insurance in the Russian Federation’;,Federal Law No.
126-FZ as of 07.07.2003 ‘On communications’;,Law of the Russian Federation № 2124-1 of 27.12.1991 ‘On mass media’;,Rules of domain name registration within .RU and .РФ domain zones;,Rules of domain name registration within .SU domain zone;,ICANN policy rules for registering domain names within international zones;,Licenses No.
160632 as of 11.12.2014, No.
160633 as of 15.05.2014, No.
160634 as of 15.05.2014, No.
,160635 as of 17.04.2017 issued to the Operator by the Federal Service for Supervision of Communications, ,Information Technology and Mass Media;,Certificate of a mass media registration Эл No.
ФС77-71934 as of 26.12.2017 issued to the Operator by the ,Federal Service for Supervision of Communications, Information Technology and Mass Media;,Charter of Beget LLC;,Resolution of the Government of the Russian Federation No.
687 as of 15.09.2008 ‘On approval of the ,Regulations on peculiarities of personal data processing carried out with no automation»;,Roskomnadzor Order No.
996 as of 05.09.2013 ‘On approval of requirements and methods for personal data ,depersonalization’;,Contracts concluded between the Operator and the Subscriber including the Public Offer;,Consent to personal data processing;,Other normative legal acts of the Russian Federation and normative documents of state authorized bodies.,3.3.
In order to achieve the purposes of personal data processing, the Operator shall perform the following ,operations: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, ,operation, transfer (provision, access), blocking, deletion, and destruction of personal data.,4.
Principles of ensuring security of personal data,4.1.
The main objective of ensuring security of the Subscriber’s personal data during their processing by the ,Operator is to prevent any unauthorized access to them by third parties, to prevent deliberate software and technical ,and other influences aiming at theft of the Subscriber’s personal data, destruction or distortion of its during its ,processing.,4.2.
The Operator shall be guided by the following principles in order to ensure the security of the Subscriber’s ,personal data:,legality: the protection of the Subscriber’s personal data shall be based on provisions of regulatory legal acts ,and methodological documents of the state bodies authorized in the field of processing and protection of ,personal data;,consistency: the Operator shall process the Subscriber’s personal data taking into account all interrelated, ,interacting and time-changing elements, conditions and factors important for understanding and solving the ,problem of ensuring the security of the Subscriber’s personal data;,complexity: the protection of the Subscriber’s personal data shall be built using the functionality of information,technologies implemented in the Operator’s information systems and other systems and means of protection ,available to the Operator;,continuity: the protection of the Subscriber’s personal data shall be provided at all stages of its processing and ,in all modes of functioning of systems engaged in processing of the Subscriber’s personal data including when ,carrying out repair and routine works;,timeliness: the measures to ensure an appropriate level of security of the Subscriber’s personal data shall be ,taken prior to their processing;,continuity and continuous improvement: upgrading and expansion of measures and means of protection of the ,Subscriber’s personal data shall be performed on the basis of the analysis results of the Operator’s actual ,processing of the Subscriber’s personal data based on identification of new methods and means of realization ,of threats to security of the Subscriber’s personal data, domestic and foreign experience in the sphere of ,information protection;,personal liability: the liability for ensuring the security of the Subscriber’s personal data shall rest with the ,Operator’s employees within their duties related to processing and protection of the Subscriber’s personal data;,minimization of access rights: the Operator shall provide its employees with an access to the Subscriber’s ,personal data only to the extent necessary to perform their duties;,flexibility: to ensure functions of protection of the Subscriber’s personal data even when changing the ,characteristics of the Operator’s information systems functioning or the volume and composition of the ,Subscriber’s personal data being processed;,specialization and professionalism: only the Operator’s employees possessing the necessary qualification and ,experience shall implement measures aimed at ensuring the security of the Subscriber’s personal data;,efficiency of personnel selection procedures: the Operator’s personnel policy shall provide a careful selection ,of personnel and motivation of the Operator’s employees allowing to exclude or minimize the possibility of ,violation of the Subscriber’s personal data security;,observability and transparency: the measures ensuring the Subscriber’s personal data security shall be planned ,so as the results of their application were clearly observable (transparent) and could be evaluated by the ,controlling officers;,continuity of monitoring and evaluation: the procedures for continuous monitoring over the use of systems for ,processing and protection of the Subscriber’s personal data shall be established, and the results of such ,monitoring shall be regularly analyzed.,5.
Composition of personal data,5.1.
The Subscriber’s personal data includes:,- surname, given name, patronymic;,- identification document details;,- date and place of birth;,- place of registration and place of residence, contact phone numbers, e-mail address, invoice delivery address;,- other data allowing to identify the Subscriber;,- surname, given name, patronymic of the Subscriber’s head and employees is the Subscriber is a legal entity (other ,personal data of these persons provided by them when concluding / executing the Contract).,5.2.
The Subscriber’s personal data may be contained in the following documents:,- concluded contracts and agreements;,- applications for conclusion / termination of contracts, connection / suspension / disconnection of services;,- claims and other appeals of the Subscriber;,- invoices for services, invoice details, acts of services rendered;,- in other documents.,5.3.
The operation with personal data shall be carried out only for such purposes, to such extent and within such ,time frame as are necessary in order to achieve the Operator’s purposes.,6.
Personal data processing,6.1.
The initial collection of the Subscriber’s personal data shall be made when concluding the Contract / accepting ,the Public Offer and / or at the Subscriber’s requests and within the framework of information and reference services,including in the process of providing services.,6.2.
The Contracts and applications for services thereto shall be concluded at the Operator’s office directly or by ,exchanging signed copies of the contract by mail, or by the Subscriber accepting the operator’s Public Offer ,published on the Operator’s website.,6.3.
The Operator’s structural departments shall collect the Subscriber’s personal data solely for the Operator to ,achieve its purposes and objectives.
The collection of the Subscriber’s personal data for other purposes shall be ,prohibited.,6.4.
All the Subscriber’s personal data shall be obtained from them or their representative duly authorized by a ,Power of Attorney.,6.5.
When concluding the Contract, the Subscriber-individual shall provide their passport or other identifying ,document.
When concluding the Contract on behalf of a legal entity, its representative shall provide a document ,confirming its power as well as other documents (copies thereof) of the Subscriber-legal entity that are necessary for,concluding the Contract in accordance with the current legislation.
When concluding the Contract by the Subscriber ,accepting the Public Offer, the Subscriber shall enter their personal data into the registration form on the Operator’s ,website https://beget.com/en and then confirm the fact of being aware of the Processing Policy and Public Offer, and,then accept the Public Offer.,6.6.
Upon conclusion of the Contract / acceptance of the Public Offer and in the process of providing services, the ,Operator shall enter the personal data received by it into an automated information base.,6.7.
The processing of the Subscriber’s personal data shall be carried out in order to ensure the compliance with ,laws and other legal acts of the Russian Federation, to fulfill the service-wise obligations and to pay for services ,under the contracts and relations arisen when providing services.,6.8.
The Operator shall comply with the general requirements established by the legislation when processing the ,Subscriber’s personal data.,6.9.
In determining the volume and content of personal data processed, the Operator shall be guided by the ,Constitution of the Russian Federation, the Federal Law ‘On communications’, the Federal Law ‘On personal data’ ,and other Federal Laws.,6.10.
The Operator shall process the Subscriber’s personal data in the following ways:,- with no automation (manual processing);,- with an automation (automated processing).,6.11.
The processing of personal data contained in the personal data information system or extracted from such ,system shall be considered to be carried out with no automation (manual), if such actions with personal data as ,operation, clarification, distribution and destruction in respect of each Subscriber have been carried out with the ,direct participation of a person.
The processing of personal data shall not be recognized as carried out with an ,automation tools only because such personal data have been contained in the information system or have been ,extracted from it.,6.12.
The contract, applications and other documents containing the Subscriber’s personal data shall be sent to a ,relevant structural department of the Operator that then checks the correctness of filling in the documents, and shall ,subsequently be transferred for storage.,6.13.
The personal data should be stored in a manner that excludes their loss or misuse.,6.14.
The Subscriber’s personal data entered into an automated information base shall be protected by taking the ,necessary organizational and technical measures to protect against illegal or accidental access to it, its destruction, ,modification, blocking, copying, distribution of personal data, as well as from other illegal actions.,6.15.
Persons responsible for the introduction of information on the Subscriber, consideration of claims and ,requests, shall have an access to the Subscriber’s personal data to the extent necessary for fulfillment of the Contract,and provision of services.,6.16.
The Subscriber shall have the right to be acquainted with their personal data only.
The Operator shall notify ,the Subscriber of the information on their personal data and processing of such data upon the latter’s written request.,The information on personal data and processing of such data shall be provided to the Subscriber by providing a ,written response at the Subscriber Service Office or by mail.
The Operator shall provide the Subscriber with the ,opportunity to be acquainted with their personal data and to enter the necessary amendments thereto free of charge.,6.17.
The storage of personal data in the form allowing to define the Subscriber shall be carried out no longer than ,that is demanded by the purposes of its processing.,6.18.
The Operator may provide authorized bodies, organizations and individuals with the Subscriber’s personal ,data only upon written request indicating the reasons for familiarizing with such personal data in cases stipulated by ,the legislation of the Russian Federation and / or the rules of domain name registration.,6.19.
The Subscriber’s personal data may be transferred to third parties (partners of the Operator) within the ,framework of providing services to the Subscriber under the Contract concluded with the Operator subject to ,complying with applicable law.,6.20.
The blocking of the Subscriber’s personal data shall be carried out in case of finding a false personal data ,when handling or at the Subscriber’s, its authorized representative’s or the authorized personal data protection ,body’s request for the entire period of investigation starting from the very moment of submission/receipt of the ,relevant request.,6.21.
The destruction of the Subscriber’s personal data shall be carried out in accordance with the period of ,prescription, agreements and contracts concluded between the Operator and the Subscriber upon expiry of the terms ,established by the current legislation.,6.22.
The volume of personal data being processed shall correspond to the stated purposes of processing.
The ,personal data being processed shall not be excessive in relation to the stated purposes of their processing.,6.23.
Operators and other individuals/legal entities that have granted access to personal data shall be obliged to ,respect the confidentiality of personal data, shall not disclose to third parties or distribute such personal data without,the Subscriber’s consent, unless otherwise provided by Federal law.,6.24.
The following may be deemed as conditions for termination of personal data processing: achievement of the ,purposes of personal data processing, expiration of the consent or withdrawal of the Subscriber’s consent to ,processing of their personal data, as well as finding out that personal data processing is illegal.,6.25.
When collecting personal data, the Operator shall record, systematize, accumulate, store, clarify (update, ,change) and extract the Subscriber’s personal data using databases located on the territory of the Russian Federation.,6.26.
The cross-border transfer of personal data for the purposes of this Policy shall be carried out under a contract ,with the Subscriber participating in it in the capacity of a party upon the Subscriber’s request, in their interests and ,for the quality of services provided to them.
In this case, no Subscriber’s written consent to cross-border transfer of ,their personal data shall be required.,7.
Personal data protection,7.1.
The Operator shall provide the protection of the Subscriber’s personal data against its illegal operation or loss ,according to the order established by the legislation of the Russian Federation.,7.2.
The security of the Subscriber’s personal data shall be achieved by eliminating unauthorized, including ,accidental, access to the specified personal data, which may result in its destruction, modification, blocking, copying,and distribution, as well as other unauthorized actions.,7.3.
When processing personal data, the Operator shall take all the necessary legal, organizational and technical ,measures or ensure their adoption in order to protect personal data from illegal or accidental access to it, its ,destruction, modification, blocking, copying, provision and distribution, as well as from other illegal actions in ,relation to such personal data.,7.4.
The measures taken by the Operator in order to protect the Subscriber’s personal data during its processing are ,described in this Policy and other internal documents of the Operator.,8.
Rights and obligations of the Subscriber,8.1.
The Subscriber shall have the right to:,- obtain full information on their personal data and processing of such data.,- have a free access to their personal data, except as provided by a Federal Law.,- appoint their representatives in order to protect their personal data.,- demand for exclusion or correction of incorrect or incomplete personal data.,- appeal to the appropriate authorities of any illegal actions or omissions of authorized officials during processing ,and protection of their personal data.,- withdraw their consent to personal data processing.,8.2.
The Subscriber shall:,- provide all the necessary documents and information containing reliable data on the Subscriber when concluding ,the Contract.,- timely inform the Operator on changes in information relating to personal data including changes in passport data, ,place of registration, etc.
The Operator needs such timely notifications of changes in order to comply with the ,legislation of the Russian Federation.,9.
Rights and obligations of the Operator,9.1.
In order to provide services to the Subscriber within the framework of the concluded Contract, the Operator ,may transfer the Subscriber’s personal data to third parties (its partners) to such extent and in such manner as ,necessary for fulfilling the Contract and following the norms of the current legislation of the Russian Federation.,9.2.
The Operator must inform the Subscriber or their representative, upon their request, on existence of personal ,data relating to the Subscriber as well as provide the opportunity to become aware with such personal data within ,thirty days starting from the date of receipt of the request, or provide reasons for refusal to grant access to such data.,9.3.
Within a period not exceeding seven business days starting from the date of the Subscriber’s or their ,representative’s submission of information confirming that personal data is incomplete, inaccurate or irrelevant, the ,Operator shall make all the necessary changes to them.
Within a period not exceeding seven business days starting ,from the date of the Subscriber’s or their representative’s submission of information confirming that such personal ,data has been obtained illegally or is not necessary for the stated purposes of processing, the Operator shall destroy ,such personal data.
The Operator shall notify the Subscriber or their representative on the amendments made and the,measures taken, and take reasonable measures to notify the third parties-recipients of amended personal data on such,too.
,9.4.
If it is compulsory to provide personal data in accordance with the current legislation of the Russian Federation, ,the Operator shall explain to the Subscriber the legal consequences of refusing to provide their personal data.,10.
Liability for personal data disclosure,10.1.
Individuals or legal entities guilty of violating the requirements of the legislation of the Russian Federation in ,the field of processing and protection of personal data shall bear civil, criminal, administrative, disciplinary and ,other liability established by the legislation of the Russian Federation.,11.
Miscellaneous,11.1.
This Policy is subject to change when the legislation changes.,11.2.
This Personal Data Processing Policy determines the Operator’s policy regarding the processing of the ,Subscriber’s personal data published on the Operator’s official website www.beget.com/en, and is available to all ,Internet users.,11.3.
The Subscriber, their representatives and authorized bodies shall send their requests/appeals to ,manager@beget.com and / or to 195027, Russia, Saint Petersburg, p/b 209 regarding any inaccuracy of personal ,data, illegality of its processing, withdrawal of consent and the Subscriber’s access to their data and also the relevant,forms of such requests/appeals.